Whaling security

Whaling security requires advanced protection.

Whaling security is a growing concern for organizations, as instances of whale phishing are rising sharply. Whale phishing and other types of CEO fraud are a kind of spear phishing email attack that targets high-profile end-users and executives – employees with access to highly valuable information and financial accounts.

These scams use social engineering to trick users into divulging sensitive or confidential information such as credit card numbers, passwords or bank account information. Some attacks impersonate a CEO or CFO to convince an employee to unknowingly wire money to a fraudulent account.

The need for whaling security grows more important by the month. The FBI reports that whale phishing rose sharply between January and August 2015, with attacks up more than 270% [1]. Clearly, every organization should adopt a whaling security strategy to effectively protect employees and the organization.

Whaling security with Mimecast.

As a global leader in cloud-based email services for security, archiving and continuity, Mimecast offers Targeted Threat Protection with Impersonation Protect to defend against a whaling attack.

Mimecast’s whaling security solution provides real-time protection against social-engineering attacks that often do not include the typical ingredients of an email-based attack such as suspicious URLs, malware or weaponized attachments. Impersonation Protect is consistently effective at spotting a whaling attack, and works alongside URL Protect and Attachment Protect to deliver comprehensive protection against the most advanced email threats.

How Mimecast whaling security works.

Mimecast helps to achieve whaling security by scanning all inbound email for indicators that a message may be suspicious. These include:

A domain name that has been newly registered, making it more likely to be suspicious.

A domain name that is a near match to the recipient’s corporate domain. Attackers will often use a domain name that appears to be a trusted domain, but with subtle differences that can only be spotted by close inspection.

The display name or friendly name, to identify whether the sender is attempting to spoof an internal email address.

The body of the message, searching for keywords such as “bank transfer” or “wire transfer” which are commonly found in these types of attacks.

To ensure whaling security, Impersonation Protect may be configured by administrators to block the email, bounce it or tag it as suspicious and issue a notification to employees to prevent them from unwittingly making fraudulent wire transfers or divulging sensitive employee data.
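The four indicators listed above can be sketched as a simple check over an inbound message. This is an added illustration, not Mimecast's implementation: the corporate domain, protected display name, 30-day registration cutoff, edit-distance threshold and sample message are all constructed assumptions, and the sender domain's registration date is assumed to come from a separate WHOIS/RDAP lookup.

```python
from datetime import date
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "example.com"                    # assumption: recipient's corporate domain
EXEC_NAMES = {"jane doe"}                      # assumption: display names worth protecting
KEYWORDS = ("bank transfer", "wire transfer")  # the keywords named in the text
NEW_DOMAIN_DAYS = 30                           # assumption: cutoff for "newly registered"

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def indicators(raw, registered_on, today):
    """Return the indicators a single-part, plain-text message triggers.
    registered_on: registration date of the sender's domain (looked up elsewhere)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload().lower()
    hits = set()
    if domain != CORP_DOMAIN:                  # external senders only
        if registered_on and (today - registered_on).days <= NEW_DOMAIN_DAYS:
            hits.add("new_domain")
        if 0 < edit_distance(domain, CORP_DOMAIN) <= 2:
            hits.add("near_match_domain")      # e.g. one character swapped
        if name.strip().lower() in EXEC_NAMES:
            hits.add("display_name_spoof")     # internal name, external address
    if any(k in body for k in KEYWORDS):
        hits.add("keyword")
    return hits

# Constructed sample: executive display name on a lookalike domain.
SAMPLE = """\
From: "Jane Doe" <jane.doe@examp1e.com>
To: ap@example.com
Subject: Urgent

Please process a wire transfer today.
"""

if __name__ == "__main__":
    print(sorted(indicators(SAMPLE, date(2024, 1, 10), date(2024, 1, 15))))
```

No single indicator is conclusive on its own; the resulting set is what an administrator's policy would map to the block, bounce or tag actions described above.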